A Microsoft Office 365 Feature Could Help Ransomware Hackers Hold Cloud Files Hostage

A "dangerous piece of functionality" has been discovered in the Microsoft 365 suite that could potentially be abused by a malicious actor to ransom files stored on SharePoint and OneDrive and launch attacks on cloud infrastructure.
The cloud ransomware attack makes it possible to launch file-encrypting malware to "encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker," Proofpoint said in a report published today.
The attack, at its core, hinges on a Microsoft 365 feature called AutoSave that creates copies of older file versions as and when users make edits to a file stored on OneDrive or SharePoint Online.
"Now all original versions of the files are lost, leaving only the encrypted versions of each file in the cloud account," the researchers explained.
Microsoft, in response to the findings, pointed out that older versions of files can be potentially recovered and restored for an additional 14 days with the assistance of Microsoft Support, a process that Proofpoint found to be unsuccessful.
"Files stored in a hybrid state on both endpoint and cloud such as through cloud sync folders will reduce the impact of this novel risk as the attacker will not have access to the local/endpoint files," the researchers said.
News URL
https://thehackernews.com/2022/06/a-microsoft-office-365-feature-could.html